mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-06 16:36:16 +08:00
352 lines
8.8 KiB
C
352 lines
8.8 KiB
C
/* ====================================================================
|
|
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
*
|
|
* 3. All advertising materials mentioning features or use of this
|
|
* software must display the following acknowledgment:
|
|
* "This product includes software developed by the GmSSL Project.
|
|
* (http://gmssl.org/)"
|
|
*
|
|
* 4. The name "GmSSL Project" must not be used to endorse or promote
|
|
* products derived from this software without prior written
|
|
* permission. For written permission, please contact
|
|
* guanzhi1980@gmail.com.
|
|
*
|
|
* 5. Products derived from this software may not be called "GmSSL"
|
|
* nor may "GmSSL" appear in their names without prior written
|
|
* permission of the GmSSL Project.
|
|
*
|
|
* 6. Redistributions of any form whatsoever must retain the following
|
|
* acknowledgment:
|
|
* "This product includes software developed by the GmSSL Project
|
|
* (http://gmssl.org/)"
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
|
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
|
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
* ====================================================================
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <ctype.h>
|
|
#include <string.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/ffx.h>
|
|
#include <openssl/e_os2.h>
|
|
#include "../modes/modes_lcl.h"
|
|
|
|
|
|
static uint32_t modulo[] = {
|
|
1,
|
|
10,
|
|
100,
|
|
1000,
|
|
10000,
|
|
100000,
|
|
1000000,
|
|
10000000,
|
|
100000000,
|
|
1000000000,
|
|
1000000000,
|
|
};
|
|
|
|
struct FFX_CTX_st {
|
|
EVP_CIPHER_CTX *cctx;
|
|
int flag;
|
|
};
|
|
|
|
FFX_CTX *FFX_CTX_new(void)
|
|
{
|
|
FFX_CTX *ret = NULL;
|
|
ret = OPENSSL_zalloc(sizeof(*ret));
|
|
return ret;
|
|
}
|
|
|
|
void FFX_CTX_free(FFX_CTX *ctx)
|
|
{
|
|
if (ctx) {
|
|
EVP_CIPHER_CTX_free(ctx->cctx);
|
|
}
|
|
OPENSSL_free(ctx);
|
|
}
|
|
|
|
int FFX_init(FFX_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key,
|
|
int flag)
|
|
{
|
|
int ret = 0;
|
|
EVP_CIPHER_CTX *cctx = NULL;
|
|
|
|
if (!ctx || !cipher || !key) {
|
|
FFXerr(FFX_F_FFX_INIT, ERR_R_PASSED_NULL_PARAMETER);
|
|
return 0;
|
|
}
|
|
if (EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE) {
|
|
FFXerr(FFX_F_FFX_INIT, FFX_R_INVALID_CIPHER_MODE);
|
|
return 0;
|
|
}
|
|
if (EVP_CIPHER_block_size(cipher) != 16) {
|
|
FFXerr(FFX_F_FFX_INIT, FFX_R_INVALID_BLOCK_SIZE);
|
|
return 0;
|
|
}
|
|
|
|
if (!ctx->cctx) {
|
|
if (!(cctx = EVP_CIPHER_CTX_new())) {
|
|
FFXerr(FFX_F_FFX_INIT, ERR_R_MALLOC_FAILURE);
|
|
goto end;
|
|
}
|
|
ctx->cctx = cctx;
|
|
cctx = NULL;
|
|
}
|
|
ctx->flag = flag;
|
|
|
|
if (!EVP_EncryptInit_ex(ctx->cctx, cipher, NULL, key, NULL)) {
|
|
FFXerr(FFX_F_FFX_INIT, FFX_R_ENCRYPT_INIT_FAILURE);
|
|
goto end;
|
|
}
|
|
|
|
ret = 1;
|
|
end:
|
|
EVP_CIPHER_CTX_free(cctx);
|
|
return ret;
|
|
}
|
|
|
|
int FFX_encrypt(FFX_CTX *ctx, const char *in, char *out, size_t iolen,
|
|
unsigned char *tweak, size_t tweaklen)
|
|
{
|
|
int llen, rlen;
|
|
uint32_t lval, rval;
|
|
unsigned char pblock[16] = {
|
|
0x01, 0x02, 0x01, 0x0a, 0x00, 0x00, 0x0a, 0xff,
|
|
0xff, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x00};
|
|
unsigned char qblock[16];
|
|
char lbuf[FFX_MAX_DIGITS/2 + 2];
|
|
uint64_t yval;
|
|
size_t i;
|
|
|
|
if (!ctx || !in || !out || !tweak) {
|
|
FFXerr(FFX_F_FFX_ENCRYPT, ERR_R_PASSED_NULL_PARAMETER);
|
|
return 0;
|
|
}
|
|
|
|
if (iolen < FFX_MIN_DIGITS || iolen > FFX_MAX_DIGITS) {
|
|
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_INPUT_LENGTH);
|
|
return 0;
|
|
}
|
|
|
|
for (i = 0; i < iolen; i++) {
|
|
if (!isdigit(in[i])) {
|
|
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_INPUT_DIGIT);
|
|
return 0;
|
|
}
|
|
}
|
|
llen = iolen / 2;
|
|
rlen = iolen - llen;
|
|
|
|
if (tweaklen < FFX_MIN_TWEAKLEN || tweaklen > FFX_MAX_TWEAKLEN) {
|
|
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_TWEAK_LENGTH);
|
|
return 0;
|
|
}
|
|
|
|
memcpy(lbuf, in, llen);
|
|
lbuf[llen] = 0;
|
|
lval = atoi(lbuf);
|
|
rval = atoi(in + llen);
|
|
|
|
pblock[7] = llen & 0xff;
|
|
pblock[8] = iolen & 0xff;
|
|
pblock[12] = tweaklen & 0xff;
|
|
|
|
if (!EVP_Cipher(ctx->cctx, pblock, pblock,
|
|
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
|
|
FFXerr(FFX_F_FFX_ENCRYPT, ERR_R_EVP_LIB);
|
|
return 0;
|
|
}
|
|
|
|
memset(qblock, 0, sizeof(qblock));
|
|
memcpy(qblock, tweak, tweaklen);
|
|
|
|
for (i = 0; i < FFX_NUM_ROUNDS; i += 2) {
|
|
|
|
unsigned char rblock[16];
|
|
size_t j;
|
|
|
|
qblock[11] = i & 0xff;
|
|
memcpy(qblock + 12, &rval, sizeof(rval));
|
|
for (j = 0; j < sizeof(rblock); j++) {
|
|
rblock[j] = pblock[j] ^ qblock[j];
|
|
}
|
|
if (!EVP_Cipher(ctx->cctx, rblock, rblock,
|
|
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
|
|
FFXerr(FFX_F_FFX_ENCRYPT, ERR_R_EVP_LIB);
|
|
return 0;
|
|
}
|
|
|
|
yval = *((uint64_t *)rblock) % modulo[llen];
|
|
lval = (lval + yval) % modulo[llen];
|
|
|
|
qblock[11] = (i + 1) & 0xff;
|
|
memcpy(qblock + 12, &lval, sizeof(lval));
|
|
for (j = 0; j < sizeof(rblock); j++) {
|
|
rblock[j] = pblock[j] ^ qblock[j];
|
|
}
|
|
if (!EVP_Cipher(ctx->cctx, rblock, rblock,
|
|
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
|
|
FFXerr(FFX_F_FFX_ENCRYPT, ERR_R_EVP_LIB);
|
|
return 0;
|
|
}
|
|
yval = *((uint64_t *)rblock) % modulo[rlen];
|
|
rval = (rval + yval) % modulo[rlen];
|
|
}
|
|
|
|
memset(out, '0', iolen);
|
|
sprintf(lbuf, "%d", rval);
|
|
memcpy(out + rlen - strlen(lbuf), lbuf, strlen(lbuf));
|
|
sprintf(lbuf, "%d", lval);
|
|
strcpy(out + iolen - strlen(lbuf), lbuf);
|
|
|
|
return 1;
|
|
}
|
|
|
|
int FFX_decrypt(FFX_CTX *ctx, const char *in, char *out, size_t iolen,
|
|
unsigned char *tweak, size_t tweaklen)
|
|
{
|
|
int llen, rlen;
|
|
uint32_t lval, rval;
|
|
unsigned char pblock[16] = {
|
|
0x01, 0x02, 0x01, 0x0a, 0x00, 0x00, 0x0a, 0xff,
|
|
0xff, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x00};
|
|
unsigned char qblock[16];
|
|
char lbuf[FFX_MAX_DIGITS/2 + 2];
|
|
uint64_t yval;
|
|
size_t i;
|
|
|
|
if (!ctx || !in || !out || !tweak) {
|
|
FFXerr(FFX_F_FFX_DECRYPT, ERR_R_PASSED_NULL_PARAMETER);
|
|
return 0;
|
|
}
|
|
|
|
if (iolen < FFX_MIN_DIGITS || iolen > FFX_MAX_DIGITS) {
|
|
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_INPUT_LENGTH);
|
|
return 0;
|
|
}
|
|
|
|
for (i = 0; i < iolen; i++) {
|
|
if (!isdigit(in[i])) {
|
|
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_INPUT_DIGIT);
|
|
return 0;
|
|
}
|
|
}
|
|
rlen = iolen / 2;
|
|
llen = iolen - rlen;
|
|
|
|
|
|
if (tweaklen < FFX_MIN_TWEAKLEN || tweaklen > FFX_MAX_TWEAKLEN) {
|
|
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_TWEAK_LENGTH);
|
|
return 0;
|
|
}
|
|
|
|
memcpy(lbuf, in, llen);
|
|
lbuf[llen] = 0;
|
|
lval = atoi(lbuf);
|
|
rval = atoi(in + llen);
|
|
|
|
pblock[7] = rlen & 0xff;
|
|
pblock[8] = iolen & 0xff;
|
|
pblock[12] = tweaklen & 0xff;
|
|
|
|
if (!EVP_Cipher(ctx->cctx, pblock, pblock,
|
|
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
|
|
FFXerr(FFX_F_FFX_DECRYPT, ERR_R_EVP_LIB);
|
|
return 0;
|
|
}
|
|
|
|
memset(qblock, 0, sizeof(qblock));
|
|
memcpy(qblock, tweak, tweaklen);
|
|
|
|
for (i = FFX_NUM_ROUNDS - 1; i > 0; i -= 2) {
|
|
|
|
unsigned char rblock[16];
|
|
size_t j;
|
|
|
|
qblock[11] = i & 0xff;
|
|
memcpy(qblock + 12, &rval, sizeof(rval));
|
|
for (j = 0; j < sizeof(rblock); j++) {
|
|
rblock[j] = pblock[j] ^ qblock[j];
|
|
}
|
|
if (!EVP_Cipher(ctx->cctx, rblock, rblock,
|
|
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
|
|
FFXerr(FFX_F_FFX_DECRYPT, ERR_R_EVP_LIB);
|
|
return 0;
|
|
}
|
|
|
|
yval = *((uint64_t *)rblock) % modulo[llen];
|
|
lval = (lval >= yval) ? (lval - yval) : lval + modulo[llen] - yval;
|
|
|
|
qblock[11] = (i - 1) & 0xff;
|
|
memcpy(qblock + 12, &lval, sizeof(lval));
|
|
for (j = 0; j < sizeof(rblock); j++) {
|
|
rblock[j] = pblock[j] ^ qblock[j];
|
|
}
|
|
if (!EVP_Cipher(ctx->cctx, rblock, rblock,
|
|
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
|
|
FFXerr(FFX_F_FFX_DECRYPT, ERR_R_EVP_LIB);
|
|
return 0;
|
|
}
|
|
|
|
yval = *((uint64_t *)rblock) % modulo[rlen];
|
|
rval = (rval >= yval) ? (rval - yval) : rval + modulo[rlen] - yval;
|
|
}
|
|
|
|
memset(out, '0', iolen);
|
|
sprintf(lbuf, "%d", rval);
|
|
memcpy(out + rlen - strlen(lbuf), lbuf, strlen(lbuf));
|
|
sprintf(lbuf, "%d", lval);
|
|
strcpy(out + iolen - strlen(lbuf), lbuf);
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int luhn_table[10] = {0, 2, 4, 6, 8, 1, 3, 5, 7, 9};
|
|
|
|
int FFX_compute_luhn(const char *in, size_t inlen)
|
|
{
|
|
int r = 0;
|
|
int i;
|
|
|
|
for (i = inlen - 1; i >= 0; i--) {
|
|
int a;
|
|
if (!isdigit(in[i])) {
|
|
return -2;
|
|
}
|
|
a = in[i] - '0';
|
|
if (i % 2 != inlen % 2)
|
|
a = luhn_table[a];
|
|
r += a;
|
|
}
|
|
|
|
r = ((r * 9) % 10) + '0';
|
|
return r;
|
|
}
|
|
|